Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vnc vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2008-4539
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this iss...
Kvm Qumranet Kvm
Qemu Qemu
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Debian Debian Linux 5.0
Debian Debian Linux 4.0
7.5
CVSSv2
CVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC prior to 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to scree...
Tigervnc Tigervnc
NA
CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player up to and including 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
Videolan Vlc Media Player
Debian Debian Linux 11.0
4
CVSSv2
CVE-2015-5239
Integer overflow in the VNC display driver in QEMU prior to 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
Qemu Qemu
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Suse Linux Enterprise Server 11
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Debuginfo 11
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Desktop 12
Arista Eos 4.15
Arista Eos 4.14
Arista Eos 4.13
Arista Eos 4.12
2.1
CVSSv2
CVE-2016-8667
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
Qemu Qemu
Qemu Qemu 2.9.0
Opensuse Leap 42.2
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-17662
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be ...
Cybelsoft Thinvnc 1.0
1 EDB exploit
10 Github repositories
8.5
CVSSv2
CVE-2009-3616
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and previous versions might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending ...
Qemu Qemu
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
NA
CVE-2023-41878
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obta...
Metersphere Metersphere
NA
CVE-2023-43826
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitra...
Apache Guacamole
5
CVSSv2
CVE-2018-20024
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
Libvnc Project Libvncserver
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »